<?php

// Check for form submission:
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
	//ob_start();
	require ('../private/mysqli_connect.php'); // Connect to the db.
	
	// Define $username and $password 
	$username=$_POST['username']; 
	$password=$_POST['password']; 

	// Prevent MySQL injection
	$username = stripslashes($username);
	$password = stripslashes($password);
	$username = mysqli_real_escape_string($mysqli, $username);
	$password = mysqli_real_escape_string($mysqli, $password);
	//$sql="SELECT * FROM '$tbl_name' WHERE u_username='$username' and u_password='$password'";
	$query="SELECT * FROM  user_login WHERE  u_username =  '$username' AND  u_pwd =  '$password'";
	$result= @mysqli_query($mysqli, $query);
	$numOfMatchingUsers = @mysqli_num_rows($result);
	echo "<p>Number of matching users: {$numOfMatchingUsers}</p>";
	
	sleep(4);
	/* the user */
	if($result && $numOfMatchingUsers == 1) 
	{
		// TODO: transfer user
		echo "<p>Logged in user '{$username}' successfully.</p>";
		while($row = mysqli_fetch_array($result))
		{
			//echo $row['u_username'];
		}
	}
	else
	{
		if($numOfMatchingUsers == 0)
		{
			echo '<p>The username / password combination was not found.</p>';
		}
		elseif($numOfMatchingUsers > 1)
		{
			// We should never get more than one result.
			echo '<p>Sorry! Something went wrong on our end.</p>';
		}
		else
		{
			echo '<p>Bad login.</p>';
		}
	}
}

function badLoginMessage($mysqli, $query, $username)
{
	echo '<p>' . mysqli_error($mysqli) . '<br /><br />Query: ' . $q . '</p>';
	echo '<p>' . "Unsuccessful in logging in user '{$username}'." .'</p>';
}

?>


<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="main_login.php">
	<td>
	<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
	<tr>
	<td colspan="3"><strong>Login </strong></td>
</tr>
<tr>
	<td width="78">Username</td>
	<td width="6">:</td>
	<td width="294"><input name="username" type="text" id="username"></td>
</tr>
<tr>
	<td>Password</td>
	<td>:</td>
	<td><input name="password" type="text" id="password"></td>
</tr>
<tr>
	<td>&nbsp;</td>
	<td>&nbsp;</td>
	<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
